Wireless access point allocation and transfer

ABSTRACT

A network system includes a master wireless access point (mAP) connected to one or more slave access points (sAPs), the mAP configured to configure the wireless access password of the sAP(s) and including an open user interface wirelessly accessible by a wireless device, a security gateway and a secure user interface wirelessly accessible by the wireless device. The wireless device connects to the mAP via the open user interface and exchanges security credentials to bypass the security gateway to gain access to the secure user interface. The wireless device is connected to the secure user interface, the mAP is configured to: configure an SSID and/or wireless access password for a sAP and to share the SSID and/or wireless access password with the wireless device, whereupon, the wireless device disconnects from the mAP and re-connects to the network via the sAP using the wireless access password configured by the mAP.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims the benefit of GB Patent Application 1410623.1,filed Jun. 13, 2014, and the benefit of GB Patent Application 1419041.7,filed Oct. 26, 2014, the entire disclosures of which are each herebyincorporated herein by reference.

FIELD

This invention relates to allocating wireless devices to, andtransferring wireless devices between, multiple wireless access points.The invention may be particularly useful in managing wirelessconnections between multiple users across multiple access points, and inparticular, in relation to download booths or Wi-Fi networks located inhigh density areas.

BACKGROUND

It is commonplace nowadays for people to use public Wi-Fi and wirelessnetworks to connect to data networks, such as the internet, or localservers. This is accomplished by the provision of a wireless networkadapter (most commonly, a Wi-Fi adapter) installed on a device, such asa mobile telephone, laptop computer, tablet PC etc., which connects tothe LAN or WAN via an access point. The data transfer speed of thewireless connection is limited by a number of factors, which ultimatelydetermine the download and upload speed of data from, and to, the LAN orWAN, respectively.

Ultimately, the data transfer speed is limited by the speed of thenetwork, for example whether it is a 10 Mbps, 100 Mbps or 1000 Mbps (orgreater) network and this is determined by the speed of the switches,routers and other devices connected to the network. The network isconnected to a wireless access point (hereinafter an “AP”), whichbridges the hard-wired LAN to the wireless LAN (WLAN) and wirelessdevices can thus connect to the AP to establish a connection to the LAN.

The speed of the WLAN is determined by a number of factors, such as thedistance between the wireless device and the AP (signal strengthdiminishing with distance), the physical layout of the environment (e.g.the location of attenuating and/or reflecting elements, such as walls,floors and ceilings), and the number of concurrently connected users.Whilst the former factors that determine the maximum possible downloadspeed are largely outside the WLAN provider's control, the number ofconcurrent users is, in many cases, within the WLAN provider's control.

The number of concurrent connections to a WLAN AP is important becausethe maximum available bandwidth, i.e. the bandwidth at the AP-LANconnection, and the bandwidth of AP, must effectively be shared betweenthe concurrent users. Thus, a single user may be able to make full useof the available bandwidth, but when another user connects to the sameAP, the bandwidth for each user is effectively halved. In practice thisis not always the case because data upload and download for concurrentusers is not necessarily simultaneous, i.e. the bandwidth can be stripedsuch that each user attains the maximum bandwidth, albeit at differenttimes. However, when many users connect to a single AP, the bandwidth,and hence the data download/upload speeds can be adversely affected.

APs are nowadays available that have multi-in, multi-out (MIMO)capabilities, and these APs often have multiple antennae, which enablesome of the aforementioned problems to be ameliorated. However,up-scaling existing MIMO APs is difficult (there is currently a limit tothe number of MIMO connections that can be made to a single MIMO AP),and installing multiple APs in a single location can be problematicalso.

The reason for this is that to establish a WLAN connection, a usertypically needs to pass a security protocol, such as WPA, WPS and WEPbefore a connection to the WLAN can be established which usuallyrequires a user to correctly enter a password corresponding to theunique identification (SSID) of the AP to gain access to it.Specifically, each AP is usually given a SSID, and its own password, andthis is a sensible precaution to prevent data collisions and DNS errorson the network. This is also sensible where (as the case most often);connections to the WLAN are established on the basis of an IP address ofthe AP, rather than on the basis of its truly unique MAC.

For the sake of convenience, AP connection credentials (SSID andpassword) are often stored on users' devices for a period of time sothat when the device comes back within range of an AP to which it haspreviously successfully connected, a WLAN connection can be initiatedautomatically—without any user intervention.

In order to scale-up the available bandwidth, it is nowadays becomingmore common to install multiple APs in heavily-used WLAN environments.

SUMMARY

However, where multiple APs are available, the returning user may notreconnect to the same AP, in which case, the SSID and passwordcredentials will not match. As previously stated, providing multiple APswith identical SSIDs and passwords is undesirable, and so a user mayneed to re-connect using fresh credentials. Doing this a few times maybe acceptable, but where a great many APs are present in a particulararea, the user will quickly become annoyed with having to obtain andinput AP credentials corresponding to each new AP visited in a the samearea.

This invention aims to provide a solution to one or more of the aboveproblems. According to the invention, there is provided a networkarchitecture comprising a master wireless access point (mAP) operativelyconnected to one or more slave access points (sAPs), the mAP beingconfigured, in use, to configure the wireless access password of the oreach sAP and comprising an open user interface wirelessly accessible bya wireless device, a security gateway and a secure user interfacewirelessly accessible by the wireless device, wherein, in use, thewireless device connects to the mAP via the open user interface andexchanges security credentials to bypass the security gateway to gainaccess to the secure user interface, and wherein, when the wirelessdevice is connected to the secure user interface, the mAP is configuredto: configure a wireless access password for a sAP and to share thewireless access password with the wireless device, whereupon, thewireless device disconnects from the mAP and re-connects to the networkvia the sAP using the wireless access password configured by the mAP.

The invention thus enables a user to make a connection to an openwireless AP, without initially having to exchange security credentials.The mAP may be configured to permit limited amounts of upload/downloadfrom the network via the open wireless connection, for example, accessto a file server located on the network containing a database and/orsummaries and/or previews of content (e.g. movies and music) on theserver. If a user then decides that he/she wishes to connect to theserver, for example to download content from it, rather than serving thedata over a single AP (in this case, the mAP), the mAP is able toseamlessly connect the wireless device to one or more of the sAPs in thevicinity. This is accomplished by requesting the wireless device user toenter security credentials, such as a username and password, whereuponthe mAP will configure one of the sAPs with a given wireless accesspassword and share this with the wireless device. The wireless device isthen able to connect to the network, via the sAP, using the wirelessaccess password just given to it by the mAP. This frees-up the mAP tohandle subsequent access requests from other wireless devices.

It will be appreciated that the invention could comprise any number ofsAPs, and in heavily populated areas, such as hotel lobbies, cinemafoyers, shopping mall restaurant areas, airport lounges, coffee shops,etc., a great many sAPs may be provided to enable the wireless bandwidthof each sAP to be shared between as few as possible concurrent users(wireless devices). Such a configuration suitably improves theindividual and collective user experience of users with wireless devicesin the area.

Suitably, the exchange of passwords is effected using an applicationloaded on and/or executed in the wireless device. The application maycomprise a web browser plugin, or it may be a standalone applicationwhich is downloadable from a server connected to the mAP via the openwireless connection. Thus, users may be able to conveniently hop fromthe mAP to any one of the sAPs invisibly, i.e. without knowing when orhow it occurs.

The mAP is suitably configured to allocate the wireless access passwordsof the sAPs dynamically. This can be accomplished by networktechnologies, such as uPNP, whereby the mAP is able to access andre-configure the OS of the sAPs to reset the passwords on a regular oron an ad-hoc basis.

To improve security, and to avoid users being able to return to thelocation and connect to one of the sAPs without first going through themAP, the mAP is suitably configured to assign a time-out for thewireless access passwords of the sAPs. The time-out parameter may be afixed duration, e.g. re-set every 10 minutes, or it may be configureddynamically. Dynamic configuration of the password time-out may beaccomplished by monitoring the number of concurrent wireless connectionsto a particular sAP and resetting the wireless password when the numberof concurrent users drops to zero (i.e. when all users havedisconnected). Additionally or alternatively, the time-out may beconfigured to coincide with a particular event, such that the end of aparticular downloads (actual or estimated).

Suitably, the mAP comprises a device allocation table, which contains arecord of wireless devices, the sAPs they have been connected to and thewireless access password assigned to each session. Maintaining thedevice allocation table is useful because it enable the mAP to determinewhich sAPs are in use at any given time, and allows it to allocate newconnections to sAPs with fewer, or no, concurrent open sessions. Byreducing the number of concurrent sessions at each sAP, the passwordreset parameter can potentially be shortened, thus reducing thelikelihood of a user being able to return and re-connect to a sAPwithout first having to connect via the mAP.

Suitably, the mAP is configured to assign random passwords to the sAPs,which also reduces the likelihood of unauthorised access to the network.Additionally or alternatively, the mAP may be configured to assignrandom SSIDs to the sAPs, which may also inhibit a retuning user frombeing able to identify, and attempt to connect to, a previouslyconnected-to sAP.

The mAP is suitably configured to assign wireless devices to particularsAPs on the basis of one or more selection criteria.

The selection criteria may be: the sAP with the lowest number ofconcurrent open sessions. This reduces the number of users per AP,thereby improving each user's individual and collective bandwidth.

The selection criteria may be: the sAP with the fastest connection speedto the wireless device. This may be determined by transferring a datapacket of a known size from a number of available sAPs to the wirelessdevice, and timing the length of time it takes to complete the download:the shortest download speed corresponding to the highest data rate. Thisarrangement suitably improves the user's experience because the actualdownload speed (rather than the theoretical download speed, which may bea built-in throttle setting of the 801 standard) from the sAP to thewireless device is maximised.

The invention may be implemented in a public area, or in a specificdownload booth, which may be located in a public area.

BRIEF DESCRIPTION OF THE DRAWINGS

A preferred embodiment of the invention shall now be described, by wayof example only, with reference to the accompanying drawings in which:

FIG. 1 is a schematic view of a network in accordance with theinvention;

FIG. 2 is a diagram showing the connection of a wireless device to thenetwork of FIG. 1;

FIG. 3 is a simplified version of FIG. 2 showing the connection ofseveral concurrent wireless devices to the network of FIG. 1; and

FIG. 4 is a schematic device allocation table according to theinvention.

DETAILED DESCRIPTION

In FIG. 1, a network 10 comprises a master access point (mAP) 12connected to a server 14, via a network switch or hub 16. Several slaveaccess points (sAPs) 18 are connected to the network 10, via the switch16. A wireless device 20 connects 30 to the network 10, and server 14,initially via the mAP 12 and then 78 via one of the sAPs 18.

The network 10 of FIG. 1 is suitably provided in a public area, such asa shopping mall, restaurant area, a hotel lobby, an airport waiting areaor a cinema lobby—any area where multiple users 22 might wish to connecttheir respective wireless devices 20 to the network 10.

Referring now to FIG. 2, which shows the network elements of theinvention and the series of actions with the vertical direction from topto bottom representing time, a user 22 enters an area containing thenetwork and his/her wireless device automatically detects 30 thepresence of the mAP 12 and the mAP 12 responds 32. The wireless device20 is configured to signify 34 the connection 30, 32 to the user 22, forexample, via an on-screen display or an audible tone.

The user 22 can then choose to initiate a connection to the mAP 12 andan application is loaded 36 on the wireless device 20, which may be abrowser plug-in or a dedicated application loaded on the device 20.Where a dedicated application 36 is required, but the wireless device 20does not have this installed (as determined by the connection handshakeprocedure 30, 32), the user 22 can be prompted to download theapplication 38, from the server 14, via an open access connection 40 ofthe mAP 12.

Thus, the wireless device 20 is able to initiate 42 and sustain an openconnection to the open access connection 40 of the mAP 12. The user 22is then able to interrogate 44 the server 14, for example, via a webbrowser interface, or a portal of the application, to see whether thereis any content on the server 14 that he/she may wish to download. Theserver 14 sends 46 a list of content that the user 22 is able to browse.

Upon making a selection 48, by interfacing with the application 36 orweb browser on the wireless device 20, the selection request is passed50 to the mAP 12 whereupon a security procedure is initiated. Thecontent on the server 14 may be pay-per-view, or in some other wayrestricted, and so the mAP comprises a security gateway 52 that prompts54 the user 22 for a username and password. The user 22 then entershis/her credentials 56 and the mAP 12 checks 58 these against a set ofstored credentials either on the server 14, or elsewhere on the internet60. Upon verification of the user credentials 62, the user's device 20is connected to a secure access area 64 of the mAP 12 and this isverified with a “connection successful” message 66 sent back to theuser's wireless device 20.

The user 22 can then interact with the app or web interface on his/herwireless device 20 to make one or more selections 68 from the availablecontent on the server 14, and these selections are passed 70 to thesecure area 64 of the mAP 12.

The mAP then allocates the wireless device 20 to a particular sAP 18,and sends a configuration message 72 to the sAP 18, which re-sets thewireless access password of the sAP 18, e.g. using uPNP, to a randomvalue and which includes a timeout parameter 88. The timeout parameter88 is calculated by dividing the total size of the requested download 70by the download speed, and by adding a safety factor (multiplier). Thus,the wireless access password of the sAP 18 is temporarily reset for aknown length of time 88, and the temporary random password and timeoutare stored on the mAP 12. The sAP 18 confirms the parameters 74 and theparameters 74 are then transferred 76 to the wireless device 22.

The application or web browser plugin 36 of the wireless device 20 thenterminates the connection with the mAP 12 and establishes a newconnection 78 with the sAP 18 using the SSID and password 76 relayed inthe previous step and the sAP 18 confirms 80.

The user's device 20 then then able to initiate a download 82 and datais then transferred 84 from the server 14 to the sAP 18 and then 86 fromthe sAP 18 to the wireless device 20 over the temporary wirelessconnection between the wireless device 20 and the sAP 18.

Meanwhile, the sAP is configured to timeout the connection 78, 80 afterthe pre-allocated timeout interval 88, and upon completion of thedownload 86 to the wireless device (confirmed by a confirmation message90, the sAP times-out the connection 78, 80, thereby freeing-up the sAPfor a subsequent, or other concurrent users.

If, on the other hand, the timeout period 88 elapses prior to the sAP 18receiving the completion message 90, the sAP can poll 92 the mAP 12 fora temporary timeout extension and this can be allowed or denied,depending on the configuration of the server 14, the mAP 12 or otherfactors.

FIG. 3 shows, schematically, how the mAP 12 can allocate differentwireless devices 202, 202, 204 to different sAPs 182, 184, 186 dependingon the number of concurrent connections or estimated download times.

In FIG. 3, a first wireless device 202 establishes a connection 72, 74with a first sAP 182 and begins a download 84, 86. The first sAP 182 ispreconfigured with a temporary password for the connection and has atimeout 88 corresponding to an estimated download time 104, aspreviously described.

A second user then attempts 82′ to download content from the server 14,in a manner previously described, but the estimated duration 105 of thedownload 86′ exceeds the remaining timeout 88 of the first sAP 182.Thus, the mAP 12 assigns the second device 204 to a second sAP 184 withits own unique SSID and password, and its own timeout parameter 88′.Thus, the second device 204 is able to benefit from un-shared bandwidthof the second sAP 184, and is not timed-out by the first sAP 182.

Meanwhile, a third wireless device 206 attempts to download 86″ arelatively small file from the server 14. In this case, the mAP 12determines that: 1) the size of the download 84″, 86″ is so small as tono adversely affect the first download 84, 86; 2) that the estimatedduration 106 of the download will “fit” within the remaining timeout 88of the first sAP 182 and 3) that it is not worth powering-up a third sAP186 to serve the download. Thus, the mAP assigns the third wirelessdevice 206 as a concurrent connection on the first sAP 182 and completesthe download by duplicating the security credentials 72, 74 supplied tothe first wireless device 202 to the third wireless device 206.

It will be appreciated that where the number of concurrent or sequentialusers is high, and/or where the number of sAPs is high, there will bebenefits to the mAP 12 keeping track of which devices are allocated towhich sAPs, what the temporary passwords are, and when the respectivetimeouts are going to occur, so that fresh password scan be re-set orextended, as need be. This is conveniently achieved by a deviceallocation table, such as that illustrated schematically, and in a verysimplified form, in FIG. 4 of the drawings.

The device allocation table 300 comprises a first column listing all ofthe concurrently connected wireless devices 20, whether they areconnected to the open 40 or secure 64 interface of the mAP 16, to whichsAP 18 each device is connected, the temporary random password 302(and/or SSID 304) for the respective sAP 18 and the time out time 88 foreach sAP 18. Thus, the mAP 16 is able to track connections and todynamically allocate different devices to different sAPs on-the-fly.Further, if the device allocation table indicates a fault (for example,a hung connection indicated by repeated time out extension requests 92),the mAP can re-assign different devices to different sAPs on-the-fly toisolate bottlenecks and/or to improve individual or collectiveperformance.

The invention is not restricted to the details of the foregoingembodiments, which are merely exemplary of the invention.

For example, it is envisaged that any of the sAPs may also be able toact as mAPs to handle the allocation of devices 20 to any other of thesAPs. Such a configuration may be particularly useful in large publicareas, for example airports, where a user may walk from a departurelounge to a boarding gate, which may be several hundred metres apart, inwhich case any connection to an sAP in the departure lounge would bedisconnected by the time the user reaches the boarding gate (in thisexample, although the same may be true for any large building or space).Thus, if a user is part-way through a download before moving around, themAP may be configured to hop the user from one sAP to another duringthat journey. This could particularly be facilitated by the provision ofa download speed estimator system, which broadcasts a data file of aknown size from all of the sAPs, each data file having a uniqueidentifier. The device 20, an application 36 executed in the device 20,or the system 10, could time the downloads from each of the sAPs anddetermine which particular sAP provides the optimum connection speed,and thus the user's connection could be hopped from one sAP to another,either between downloads, or mid-download, to benefit from improvedconnection speed or bandwidth from a different sAP. Similarly, if thedevice 20, or application 36 determines that the download speed isreducing undesirably, the device 20 or application 36 may broadcast a“request to hop” command to the mAP, whereupon a better sAP could beallocated, on demand (“better” being determined, in one embodiment, onthe basis of the measured instantaneous download speeds from other sAPsin-range of the device 20). The advantage of determining the connectionspeed by the app 36 or device 20, rather than centrally on the network,is that it reduces system overhead, and avoids the system 10 having tounnecessarily monitor connection speeds for static users. In otherwords, the system 10 only has to consider hopping a device from one sAPto another on-demand, as opposed to continuously, and inevitably,redundantly.

The following statements are not the claims, but relate to variousaspects of the invention:

Statement 1: A network system comprising a master wireless access point(mAP) operatively connected to one or more slave access points (sAPs),the mAP being configured, in use, to configure the wireless accesspassword of the or each sAP and comprising an open user interfacewirelessly accessible by a wireless device, a security gateway and asecure user interface wirelessly accessible by the wireless device,wherein, in use, the wireless device connects to the mAP via the openuser interface and exchanges security credentials to bypass the securitygateway to gain access to the secure user interface, and wherein, whenthe wireless device is connected to the secure user interface, the mAPis configured to: configure an SSID and/or a wireless access passwordfor a sAP and to share the SSID and/or wireless access password with thewireless device, whereupon, the wireless device disconnects from the mAPand re-connects to the network via the sAP using the wireless accesspassword configured by the mAP.

Statement 2: The network of statement 1, wherein the open user interfaceis not password- or otherwise security-protected.

Statement 3: The system of statement 1 or statement 2, wherein the mAPis configured to permit limited amounts of upload/download from thenetwork via the open wireless connection.

Statement 4: The system of statement 3, wherein the mAP is configured topermit access to a file server located on the network, the servercontaining a database and/or summaries and/or previews of content storedon the server.

Statement 5: The system of any preceding statement, wherein the mAP isconfigured to connect the wireless device to one or more of the sAPs byrequesting a user of the wireless device to enter security credentials,whereupon the mAP configures one of the sAPs with a given wirelessaccess password and shares this with the wireless device such that thewireless device is able to connect to the network, via the sAP, usingthe wireless access password just given to it by the mAP.

Statement 6: The system of any preceding statement comprising aplurality of sAPs, wherein the network is configured to share thewireless bandwidth of each sAP between as few as possible concurrentwireless devices.

Statement 7: The system of any preceding statement, wherein the or eachwireless device comprises an application configured to exchangepasswords between the wireless device and the mAP and sAP.

Statement 8: The system of statement 7, wherein the applicationcomprises a web browser plugin or a standalone application executed inthe wireless device.

Statement 9: The system of statement 7 or statement 8, furthercomprising a server operatively connected to the mAP, wherein theapplication is downloadable from the server via the mAP on the openwireless connection.

Statement 10: The system of any preceding statement, wherein the mAP isconfigured to allocate the SSIDs and/or wireless access passwords of thesAPs dynamically.

Statement 11: The system of statement 10, wherein the passwordallocation is accomplished using uPNP or other similar protocols wherebythe mAP is able to access and re-configure the OS of the sAPs to resetthe SSIDs or passwords.

Statement 12: The system of any preceding statement, wherein the mAP isconfigured to assign a time-out for the wireless access passwords and/orSSIDs of the sAPs.

Statement 13: The system of statement 12, wherein the time-out parameteris of a fixed duration.

Statement 14: The system of statement 12, wherein the time-out parameteris configured dynamically by monitoring the number of concurrentwireless connections to a particular sAP and resetting the wirelesspassword when the number of concurrent users drops to zero.

Statement 15: The system of statement 12, wherein the time-out parameteris configured dynamically by being configured to coincide with theactual or estimated end time of a download.

Statement 16: The system of any preceding statement, wherein the mAPcomprises a device allocation table containing a record of wirelessdevices, the sAPs they have been connected to and the wireless accesspassword assigned to each session.

Statement 17: The system of any preceding statement, when the mAP isconfigured to assign random passwords to the sAPs.

Statement 18: The system of any preceding statement, when the mAP isconfigured to assign random SSIDs to the sAPs.

Statement 19: The system of any preceding statement, wherein the mAP isconfigured to assign newly-joined wireless devices to particular sAPshaving the lowest number of concurrent open sessions.

Statement 20: The system of any preceding statement, wherein the mAP isconfigured to assign newly-joined wireless devices to particular sAPswith the fastest connection speeds to the wireless device.

Statement 21: The system of statement 20, wherein the fastest connectionspeed is determined by transferring a data packet of a known size from anumber of available sAPs to the wireless device, and timing the lengthof time it takes to complete the download: the shortest download speedcorresponding to the highest data rate.

Statement 22: The system of any preceding statement comprising: a masteraccess point (mAP) connected to a server via a network switch or hub anda plurality of slave access points (sAPs) connected to the network, viathe switch or hub; and a wireless device operatively connectable to thenetwork and server, initially via the mAP and then via one of the sAPs.

Statement 23: A method of operating the system of any precedingstatement comprising the steps of: the wireless device automaticallydetecting the presence of the mAP; the mAP responding to the detection;and the wireless device signifying the connection to a user via anon-screen display or an audible tone.

Statement 24: The method of statement 23, wherein upon making theconnection, the wireless device downloading an application from theserver via the open access connection of the mAP.

Statement 25: The method of statement 23 or statement 24, furthercomprising the server sending to the wireless device a content listrepresenting content on the server.

Statement 26: The method of statement 25, further comprising the stepsof a user making a selection from the content list, the applicationpassing the selection to the mAP initiating a security procedure.

Statement 27: The method of statement 26, wherein the security procedurecomprises the user and mAP exchanging security credentials and the mAPchecking the security credentials against a set of stored credentials.

Statement 28: The method of statement 27, wherein upon verification ofthe user credentials, the user's device is connected to a secure accessarea of the mAP.

Statement 29: The method of statement 28, further comprising the stepsof: a user interacting with the application to make one or moreselections from the content list; the selection or selections beingpassed to the secure area of the mAP; the mAP allocating the wirelessdevice to a particular sAP; the mAP sending a configuration message tothe sAP to re-set the SSID and/or wireless access password of the sAP;exchanging the SSID and the wireless access password with theapplication of the wireless device; automatically connecting thewireless device to the server via a wireless connection between thewireless device and the sAP; and initiating a download of the selectedcontent from the server to the wireless device.

Statement 30: The method of statement 29, wherein the configurationmessage comprises a timeout parameter for the sAP-wireless deviceconnection.

Statement 31: The method of statement 29 further comprising calculatingthe timeout parameter by dividing the total size of the requesteddownload by the download speed, and by adding a multiplier.

Statement 32: The method of statement 31, wherein the download speed iscalculated by the sAPs periodically polling the wireless devices with afile of a known size and timing the download of the said file todetermine the actual download speed between the wireless device and aplurality of sAPs.

Statement 33: The method of statement 32, comprising allocating wirelessdevices to sAPs with the highest determined download speeds.

Statement 34: The method of any of statements 23 to 33, furthercomprising populating and maintaining a device allocation tablecomprising: the concurrently connected wireless devices; whether theconcurrently connected wireless devices are connected to the open orsecure interface of the mAP; to which sAP each wireless device isconnected; the temporary password and SSID for the respective sAP; andthe timeout time for each sAP's SSID and/or password.

Statement 35: A system or method substantially as hereinbeforedescribed, with reference to, and as illustrated in, the accompanyingdrawings.

It will be appreciated that the details of the foregoing embodiments areexemplary of the invention and that the skilled person may be able tomodify certain specifics without departing from the invention. It willalso be readily apparent that whilst the invention has been describedwith respect to downloading data, it is equally applicable to uploadingdata or situations in which downloading an uploading occur concurrentlyand/or sequentially.

What is claimed is:
 1. A network system comprising a master wirelessaccess point (mAP) operatively connected to one or more slave accesspoints (sAPs), the mAP being configured, in use, to configure thewireless access password of the or each sAP and comprising an open userinterface wirelessly accessible by a wireless device, a security gatewayand a secure user interface wirelessly accessible by the wirelessdevice, wherein, in use, the wireless device connects to the mAP via theopen user interface and exchanges security credentials to bypass thesecurity gateway to gain access to the secure user interface, andwherein, when the wireless device is connected to the secure userinterface, the mAP is configured to: configure an SSID and/or a wirelessaccess password for a sAP and to share the SSID and/or wireless accesspassword with the wireless device, whereupon, the wireless devicedisconnects from the mAP and re-connects to the network via the sAPusing the wireless access password configured by the mAP.
 2. The networksystem of claim 1, wherein the open user interface is not password- orotherwise security-protected, and wherein the mAP is configured topermit limited amounts of upload/download from the network via the openwireless connection, and wherein the mAP is configured to permit accessto a file server located on the network, the server containing adatabase and/or summaries and/or previews of content stored on theserver.
 3. The network system of claim 1, wherein the mAP is configuredto connect the wireless device to one or more of the sAPs by requestinga user of the wireless device to enter security credentials, whereuponthe mAP configures one of the sAPs with a given wireless access passwordand shares this with the wireless device such that the wireless deviceis able to connect to the network, via the sAP, using the wirelessaccess password just given to it by the mAP.
 4. The network system ofclaim 1, comprising a plurality of sAPs, wherein the network isconfigured to share the wireless bandwidth of each sAP between as few aspossible concurrent wireless devices.
 5. The network system of claim 1,wherein the or each wireless device comprises an application configuredto exchange passwords between the wireless device and the mAP and sAP.6. The network system of claim 5, wherein the application comprises aweb browser plugin or a standalone application executed in the wirelessdevice.
 7. The network system of claim 5, further comprising a serveroperatively connected to the mAP, wherein the application isdownloadable from the server via the mAP on the open wirelessconnection.
 8. The network system of claim 1, wherein the mAP isconfigured to allocate the SSIDs and/or wireless access passwords of thesAPs dynamically.
 9. The network system of claim 8, wherein the passwordallocation is accomplished using uPNP or other similar protocols wherebythe mAP is able to access and re-configure the OS of the sAPs to resetthe SSIDs or passwords.
 10. The network system of claim 1, wherein themAP is configured to assign a time-out for the wireless access passwordsand/or SSIDs of the sAPs.
 11. The network system of claim 10, whereinthe time-out parameter is any one or more of the group comprising: of afixed duration; configured dynamically by monitoring the number ofconcurrent wireless connections to a particular sAP and resetting thewireless password when the number of concurrent users drops to zero; andconfigured dynamically by being configured to coincide with the actualor estimated end time of a download.
 12. The network system of claim 1,wherein the mAP comprises a device allocation table containing a recordof wireless devices, the sAPs they have been connected to and thewireless access password assigned to each session.
 13. The networksystem of claim 1, when the mAP is configured to assign random passwordsto the sAPs.
 14. The network system of claim 1, when the mAP isconfigured to assign random SSIDs to the sAPs.
 15. The network system ofclaim 1, wherein the mAP is configured to assign newly-joined wirelessdevices to particular sAPs having the lowest number of concurrent opensessions.
 16. The network system of claim 1, wherein the mAP isconfigured to assign newly-joined wireless devices to particular sAPswith the fastest connection speeds to the wireless device.
 17. Thenetwork system of claim 16, wherein the fastest connection speed isdetermined by transferring a data packet of a known size from a numberof available sAPs to the wireless device, and timing the length of timeit takes to complete the download: the shortest download speedcorresponding to the highest data rate.
 18. The network system of claim1, comprising the master access point (mAP) connected to a server via anetwork switch or hub and a plurality of slave access points (sAPs)connected to the network, via the switch or hub; and a wireless deviceoperatively connectable to the network and server, initially via the mAPand then via one of the sAPs.
 19. A method of operating the networksystem of claim 18, comprising the step of: the wireless deviceautomatically detecting the presence of the mAP; the mAP responding tothe detection; and the wireless device signifying the connection to auser via an on-screen display or an audible tone.
 20. The method ofclaim 19, further comprising: upon making the connection, the wirelessdevice downloading an application from the server via the open accessconnection of the mAP; the server sending to the wireless device acontent list representing content on the server; a user making aselection from the content list, the application passing the selectionto the mAP initiating a security procedure, the security procedurecomprising the user and mAP exchanging security credentials and the mAPchecking the security credentials against a set of stored credentials;upon verification of the user credentials, the user's device isconnected to a secure access area of the mAP; a user interacting withthe application to make one or more selections from the content list;the selection or selections being passed to the secure area of the mAP;the mAP allocating the wireless device to a particular sAP; the mAPsending a configuration message to the sAP to re-set the SSID and/orwireless access password of the sAP; exchanging the SSID and thewireless access password with the application of the wireless device;automatically connecting the wireless device to the server via awireless connection between the wireless device and the sAP; initiatinga download of the selected content from the server to the wirelessdevice; and calculating a timeout parameter for the sAP-wireless deviceconnection and including the timeout parameter in the configurationmessage, the timeout parameter being calculated by dividing the totalsize of the requested download by the download speed calculated by thesAPs periodically polling the wireless devices with a file of a knownsize and timing the download of the said file to determine the actualdownload speed between the wireless device and a plurality of sAPs, andby adding a multiplier, and allocating wireless devices to sAPs with thehighest determined download speeds.